Good Morning !!
We are currently implementing GRC AC 10 and have configured RAR by uploading the 9 files e.g. rule set, business process etc
When we performed RAR , we found that there were about 80 roles which had SOD violations.
So we started the cleanup activity .
We found a role which had the RISK ID : F028
Now this risk contains two functions : AP02 & GL01
Going forward we found out that both the functions contained common transaction(F-02) !!
So what we did was created two roles ,
ROLE A containing only function AP02
ROLE B containing only function GL01
Then we performed Risk Analysis and to our surprise there were RISK detected for individual function !!
How is that possible !! That an individual function contain SOD risk !!
Does that mean that files provided by SAP to be uploaded are completely wrong ??
Please note we were using the same files that were available for GRC 5.3.
Will anyone check if you are getting the same issue ??